Table of Contents

RPL Attacks Framework Tweet

Make simulations of a WSN with a malicious mote for attacking the RPL protocol.

Read The Docs Known Vulnerabilities DOI Black Hat Arsenal Europe 2018 Vagrant License

This project aims to provide a simple and convenient interface relying on Contiki OS to generate Cooja simulations and deploy malicious motes for a Wireless Sensor Network (WSN) that uses Routing Protocol for Low-power and lossy devices (RPL) (RFC 6550) as its network layer.

With this framework, it is possible to easily define campaign of simulations (in JSON format) either redefining RPL configuration constants, modifying single lines from the ContikiRPL library or using an own external RPL library. Moreover, experiments in a campaign can be generated either based on a same or a randomized topology for each simulation.

See the Wiki for additional documentation.

A few test cases made with the framework:

Test case 1: flooding attack

The malicious mote has 3, 7, 10 in its range Power tracking without the malicious mote Power tracking with the malicious mote
The malicious mote has 3, 7, 10 in its range Power tracking without the malicious mote Power tracking with the malicious mote

Test case 2: versioning attack

Legitimate DODAG Versioning attack in action (global repair)
Legitimate DODAG Versioning attack
Power tracking without the malicious mote Power tracking with the malicious mote
Power tracking without the malicious mote Power tracking with the malicious mote

Test case 3a: blackhole attack

Legitimate DODAG Blackhole attack in action
Legitimate DODAG Blackhole attack

Test case 3b: blackhole attack

Legitimate DODAG Blackhole attack in action
Legitimate DODAG Blackhole attack

Installation

  1. Clone this repository
 $ git clone https://github.com/dhondta/rpl-attacks.git

Behind a proxy ?

Setting: git config --global http.proxy http://[user]:[pwd]@[host]:[port]

Unsetting: git config --global --unset http.proxy

Getting: git config --global --get http.proxy

  1. Create the VM
 $ vagrant login
 [...]
 $ vagrant up

Important notes

The downloads of the Vagrant box may take a while, please be patient…

Also, after the creation of the VM, Vagrant may complain that the SSH connection was unexpectedly closed by the remote end. In practice, this does not affect the creation and operation of the box.

Behind a proxy ?

Install the plugin: vagrant plugin install vagrant-proxyconf

Configure Vagrant: Uncomment the lines starting with config.proxy in the Vagrantfile

Troubleshooting:

  • Ensure the latest version of Vagrant is installed
  • If using virtualbox provider, ensure Oracle Extension Pack is installed (see Oracle website)

Using Instant Contiki or another distribution:

The full manual installation procedure is available here and mentions InstantContiki but it is advised to use the Vagrant box as it was fully tested.

Demonstration

This will make 3 complete examples of attacks : hello flood, version number and blackhole.

Open the console like before and type:

 user@instant-contiki:rpl-attacks>> demo

Or simply launch the demo command with Fabric:

 ./rpl-attacks$ fab demo

Quick Start

  1. Open the console (you should see something like in the following screenshot)
 ./rpl-attacks$ python main.py

or

 ./rpl-attacks$ fab console

  1. Create a campaign of simulations
 user@instant-contiki:rpl-attacks>> prepare sample-attacks
  1. Go to your experiments folder (default: ~/Experiments) and edit your new sample-attacks.json to suit your needs

See How to create a campaign of simulations ? for more information.

  1. Make the simulations
 user@instant-contiki:rpl-attacks>> make_all sample-attacks
  1. Run the simulations (multi-processed)
 user@instant-contiki:rpl-attacks>> run_all sample-attacks

Hint : You can type status during make_all and run_all processing for getting the status of pending tasks.

  1. Once tasks are in status SUCCESS in the status tables (visible by typing status), just go to the experiment’s results folders to get pictures and logs of the simulations. The related paths are the followings :

[EXPERIMENTS_FOLDER]/[experiment_name]/without-malicious/results/ [EXPERIMENTS_FOLDER]/[experiment_name]/with-malicious/results/

Issues management

In case of bug, there should be a crash report generated in the folder of the experiment that the framework was processing. By convention, this is named crash-report-[...].txt. Please copy its content (without the title) in a new Issue.

For contributions or suggestions, please open an Issue and clearly explain, using an example or a use case if appropriate.

If you want to build new RPL attacks, please refer to the How to make new building blocks ? section. In this case, please submit your new attack through a Pull Request.